According to their CPS (Chinese version 3.2 Jul.2016), 1. All CAs can issue SM2 certificates and uses SM3 Hash.
2. There is a "signing key" generated by subscriber and "encryption key" generated by CFCA which transmitted to subscriber. 3. For SSL certificate, the longest vaild duration is 5 years, which is much more than 39 months. Are those conflicting with Mozilla's policy? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy